Educause Security Discussion mailing list archives

Re: IHEs & NATIONAL STRATEGY: Single Point-Of-Contact

From: Dan Updegrove <updegrove () MAIL UTEXAS EDU>
Date: Sun, 22 Sep 2002 14:42:48 -0500

Colleagues -

Most campuses I'm familiar with have either:

* a 24x7 staffed help desk, NOC, telecom call center, or data center
- a 24x7 police dept/security office

so external authorities could convey an alert 24x7x365. Then: how does the
campus respond to the alert?

* On-site staffer in the NOC diagnoses the problem and immediately shuts
down the offending port(s) remotely
* Network engineer on pager does this, after some contact delay

If there is no campus response after
<agreed-upon-time-depending-on-severity-of-attack>, we could envision an
agreement whereby ISP(s) could disconnect campus Internet service. For
multiply-connected sites this could be tricky, but we can, presumably
assume that any multiply-connected campus is "large and/or sophisticated,"
so will have all-night staff and/or experts on pagers. Thus most, if not
all, non-responding campuses could be shut down by one ISP, assuming that
the cognizant law enforcement contact knows how to contact the ISP.

There are risks here, of course: confused law enforcement agents issuing
orders to shut down the wrong campus (Penn, not Penn State, etc.), or
making arbitrary determinations as to the severity of the cyber attack.

I believe, however, that this is worth our discussing.

Dan


At 01:41 PM 9/19/2002, Rodney Petersen wrote:

One of the recommendations in the "National Strategy To Secure
Cyberspace" (www.securecyberspace.gov) is that "each college and
university should consider establishing a point-of-contact, reachable at
all times, to Internet service providers (ISPs) and law enforcement
officials in the event that the school's IT systems are discovered to be
launching cyber attacks."

Is this a good idea?

How could it be implemented across higher education?

What are obstacles or challenges for moving forward with this
recommendation?

Other comments or insights?

Rodney Petersen
Security Task Force Coordinator
EDUCAUSE

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/memdir/cg/.



VP  for Information Technology          Phone (512) 232-9610
The University of Texas at Austin       Fax (512) 232-9607
FAC 248 (Mail code: G9800)              d.updegrove () its utexas edu
P.O. Box 7407                                   http://wnt.utexas.edu/~danu/
Austin, TX 78713-7407

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Current thread:

IHEs & NATIONAL STRATEGY: Single Point-Of-Contact Rodney Petersen (Sep 19)
- <Possible follow-ups>
- Re: IHEs & NATIONAL STRATEGY: Single Point-Of-Contact Gary Flynn (Sep 19)
- Re: IHEs & NATIONAL STRATEGY: Single Point-Of-Contact Jim Moore (Sep 19)
- Re: IHEs & NATIONAL STRATEGY: Single Point-Of-Contact Allen Chang (Sep 20)
- Re: IHEs & NATIONAL STRATEGY: Single Point-Of-Contact Dan Updegrove (Sep 22)
- Re: IHEs & NATIONAL STRATEGY: Single Point-Of-Contact Kevin Shalla (Sep 23)
- Re: IHEs & NATIONAL STRATEGY: Single Point-Of-Contact Bruhn, Mark S. (Sep 23)
- Re: IHEs & NATIONAL STRATEGY: Single Point-Of-Contact Kevin Shalla (Sep 23)
- Re: IHEs & NATIONAL STRATEGY: Single Point-Of-Contact Bruhn, Mark S. (Sep 23)
- Re: IHEs & NATIONAL STRATEGY: Single Point-Of-Contact Nick Tate (Sep 23)